From patchwork Tue Feb 25 09:09:13 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ido Schimmel X-Patchwork-Id: 13989593 X-Patchwork-Delegate: dsahern@gmail.com Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2084.outbound.protection.outlook.com [40.107.220.84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0FBC9266B5E for ; Tue, 25 Feb 2025 09:11:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.220.84 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740474662; cv=fail; b=iedXbP2zYtCW0+w7vaPcJjOFwrhK0Ne4hTNea0lccftu5ryWPYBleFy7aaBoi08MAoopnOjh/BNiMng0K8fUGFhsB5g8V5b70WC9fN7kdn7cJWCbwcq3PV6xSOQA3MEzpmy/vgozPEK38cURu07ni1IouN7Grtu/YNwVpUtRjDI= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740474662; c=relaxed/simple; bh=tly8zG4/k1WKSiKWycIet/C52NFzCNLUI5Zw9hukI9U=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=fWsH/iD5uOErWZAlDLgyEkLygFQggIcO8+zIblxEFwHnNecMS+5qSwWf7cSIEm7Ue2NaP2szQJU+WcNU726iOISXQuzF27bR0ZT2815HaZRSNZK+WbYYLm6AgAH9fEAdIyIhWmY9xlxq+QYL9YVGVIk3hMuUo4k19ebHhI3u7Sg= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=Wn0K90o+; arc=fail smtp.client-ip=40.107.220.84 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="Wn0K90o+" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=WY2ExbDmus/hBEOP/Td/WNzTxMQWwJKODlu3hs5A0HHPrb4yGZ2/xOHF6NO6+52caYHdxnpJqLy1YTp3LgF9JrHZ8UWmN1dR7EXUzN8L9emFi4zFZc2L/Yjpi0QiNM44X0bV62P1h8XnBwtz9GHGPMhjuWDmOgkJpE6aH0NLvsk6hZ1eaMHuh9Ru9MEXnoNdTpC1fyCkadlWIFDR0SW3Sul6OyZz7p1qeVVfXhLXzrUhGF33xsYySHEKzlyFt58TFvy+HkjXEnIbzrOpokwX/XuzWiQFS3LdrSgXCkhVJ1Q+lSy15eiQOseAgn8bGZeR9KlDJ2gyCKhiSMwje41Sxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KvkfJmuxTCIG06rZCADtd5h+Yhz6gSrhaYRvZLv7NSc=; b=xMKzvY19SH1ZFROX5SDv16nAEDbv4VwSrBuULtPLhRrZ8qXzN0wIdbPXGvcxxS9uCreykp2rnqKSwUPCxpSe3BMp7aU9t1NFjx+Yc1Eb6prnN/SX5TUx6uzY4Ex2Gk7O8jde/q158QGOPsOA6MAOwhXsauBscsF+FsN3Fj/tmPHiDI4gQQCplY03AmWy+kn9gno4xv9ULCdBlMxC24OR6mPibshCH/ovP1HgUJyNfZWeI6NeOFb39sfJ0iCo+BGzECHzz0Npbxbi17CT1R6ojXhyIyn/4tcINYzYaT8YSwu44ON5u2XKyjbWpjwCO2bl49sHiAQIzICxlUOmnDeyJg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.160) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KvkfJmuxTCIG06rZCADtd5h+Yhz6gSrhaYRvZLv7NSc=; b=Wn0K90o+hgmHDs/K/ZwehFaMRekTNbySnUQZDux1ZxsCb++Gt0amqebTrGaBqg1KUYYSil+/HsS6NtXlm1wTr5qtoEvk2oJBsJoZzGVfEYJ2y4i0ZrohfYMa0s4Pb8iOJ7NObBygfYl1wFFhbAc66YH7tHCq5TSXig4P2RI5prExXOilKIM5SNE/RxHlkOqwU5QXAEWEkTIwJ23bPMWpJncV00ceRhg5LAsJWnRw1hdyRMr0+CC9Bkpic3v3hR1PehOXtFG5KGiCMSc5VVioPwDx9Aa101kwgbszbcx5Bo45+U54iu5hyk3y/WET5ep2kISlNGMG798wuV3LH9Nnhw== Received: from MN2PR16CA0064.namprd16.prod.outlook.com (2603:10b6:208:234::33) by CY5PR12MB6599.namprd12.prod.outlook.com (2603:10b6:930:41::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8466.20; Tue, 25 Feb 2025 09:10:55 +0000 Received: from BN1PEPF00006000.namprd05.prod.outlook.com (2603:10b6:208:234:cafe::35) by MN2PR16CA0064.outlook.office365.com (2603:10b6:208:234::33) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8489.18 via Frontend Transport; Tue, 25 Feb 2025 09:10:55 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.160) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.160 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.160; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.160) by BN1PEPF00006000.mail.protection.outlook.com (10.167.243.232) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8489.16 via Frontend Transport; Tue, 25 Feb 2025 09:10:55 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Tue, 25 Feb 2025 01:10:41 -0800 Received: from shredder.mtl.com (10.126.230.35) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.14; Tue, 25 Feb 2025 01:10:38 -0800 From: Ido Schimmel To: CC: , , , , Ido Schimmel Subject: [PATCH iproute2-next v2 1/5] Sync uAPI headers Date: Tue, 25 Feb 2025 11:09:13 +0200 Message-ID: <20250225090917.499376-2-idosch@nvidia.com> X-Mailer: git-send-email 2.48.1 In-Reply-To: <20250225090917.499376-1-idosch@nvidia.com> References: <20250225090917.499376-1-idosch@nvidia.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: rnnvmail202.nvidia.com (10.129.68.7) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN1PEPF00006000:EE_|CY5PR12MB6599:EE_ X-MS-Office365-Filtering-Correlation-Id: da6f769f-fb38-4702-520f-08dd557c4f5a X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|82310400026|1800799024|376014; X-Microsoft-Antispam-Message-Info: dwGvqU96s1+2DiQHx4myAJMJFvXWggGMW50LFD3bAXZRWwozkzYIcGQg29NzC/mIaFr4aYrD06GMpKHJl2LkglSPI1I/NMOaQWfqj9QkWaqv/+ahAML325LlAO5lVXd1A3fXmyc5c65g/Jff5pJeMyBb7xL6fQmfYWzBfpGr8VQ2ksJMehSY19EIBtuxo5RcAntJypclZNaydgyqUfHnfUsGVL3Qsh30yCnOUFxYh6na+v17pwF2p/tVbg5OPMvMjHZbLsuFH4kRBCKJRSMwp9K7EIVO/cvVu1DkGWEgl+Z6b17Vl7gCcV2uqZ+NtAAmiY/FwEEI9dOD4rKHEJqQNpMSdyE7tNPcn0/hcnzdmqGQxvfCiPa5dkRVtNTxeQoS5Qh/26KgKo66wjJe57W5PaNXrMghVKiHpkSpViRNKMP6uDCdwnc9xM3XuGnZJGdgpv2Z8YSTWDHvbjafluxTO7OE3aHkdYq+kqhKEjsbAvVR0euQaQ5fb9bn78OCE6XlRvc2BgRQ+qFABThM44ajcxMGsqNMki3w/BJy9ZR2gGwu8DlbuZmzdAlz4z8+W+4NAGOw1lvV6xIKFXhGrRLU1MJZkSXGEpekaD3i7xBSRKodXuMgMvUpavQOf6bWHBDQign1OTdoDDr3f/eZ2tmB/UVHYmcUNH2CAugAbdCvbSZy0vU8JSrRSnT0H2vAlRfJxQFH6ZVhGs7BpUPYXRq6Io5pRWdNgCbW8t5qskPEtwL60iFuh8EaZdyB9/Hs2Y3USu0unRw3QPFLYHCHZs94LVtQX0LmQIGL/UqqB1YiFB5jqcjlBnU9qd6pzY6hTpxojQTUfA49/Id/hX3ttvC0rdBywQcTV51vwEyex8ltA2IAG6h5KKo3OeyopH5JI5jkv8z6CO4mcBl+B5bJpwPFTOmVlhvm1E9Ry00Ls8V7fu0njMnmnT1lVa/9+iT9kxONMjNeJKtHR0moiQBHPpegzNRWvFCMH87cpH8R6lNKqRwGd5o7wnPj5GxxfgV86WNRBVcSlTbPkjeZH+ycdbGoFO/169SUS4Q6qD36/myvTXolQYr6lRjnuVOwuvAYe2Sx/Dh7Djvrmq/bXCsfxhXilpO11NYjIT/mJpCWts/S8sMUC5d//AeO/Dd1Zp1fVPIVb9XmmzXW0PABqDavfrZW8B4PUbnBCxaTzYqykYF0Hm1TBfffMpoLwA5T646DBeTBvVmN6sldOD9D7CsHytmtAncZNxX7qc19m5mglR64UuxH2FAHLDzOa0eXb0oMo/F0znZJD86lo6xAZNF7niGT5P1RGu7eNnJXmSNfKzxOBF/6QgbwPvVwGx+Ke/qVu2lPEGNDhvSXyfZLCJ5b1MfkYAUK4YVlq3tnQQIjYZpOlGUEEJomGzsBuq9xyuGY50nIBYytljpHrE50mZdE94l0MRfK0qXr8J19eozECMeK1/eoNiHEIJPW77shGD3QE1xCUDAQbW4GnBUFeYNlW6y9C3WFU7ImshAZWOo5lmmmP+Q= X-Forefront-Antispam-Report: CIP:216.228.117.160;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc6edge1.nvidia.com;CAT:NONE;SFS:(13230040)(36860700013)(82310400026)(1800799024)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2025 09:10:55.0072 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: da6f769f-fb38-4702-520f-08dd557c4f5a X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.117.160];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BN1PEPF00006000.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY5PR12MB6599 X-Patchwork-Delegate: dsahern@gmail.com Signed-off-by: Ido Schimmel --- include/uapi/linux/fib_rules.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/uapi/linux/fib_rules.h b/include/uapi/linux/fib_rules.h index 00e9890ca3c0..2df6e4035d50 100644 --- a/include/uapi/linux/fib_rules.h +++ b/include/uapi/linux/fib_rules.h @@ -70,6 +70,9 @@ enum { FRA_DSCP, /* dscp */ FRA_FLOWLABEL, /* flowlabel */ FRA_FLOWLABEL_MASK, /* flowlabel mask */ + FRA_SPORT_MASK, /* sport mask */ + FRA_DPORT_MASK, /* dport mask */ + FRA_DSCP_MASK, /* dscp mask */ __FRA_MAX }; From patchwork Tue Feb 25 09:09:14 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ido Schimmel X-Patchwork-Id: 13989594 X-Patchwork-Delegate: dsahern@gmail.com Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2083.outbound.protection.outlook.com [40.107.94.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CA824266B73 for ; Tue, 25 Feb 2025 09:11:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.94.83 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740474665; cv=fail; b=kQHBtlXxsMZXGNeE2NAO0R7LXGKTUYvjTAVGeV+20BHZ+mOW9S7r+gy5tc1pMmEAIyAQIAaxKHY26ZDHQUmXOhP6qOaaLeokl14R3Yyrej4aNGQ8Cb2a09HkQeS22cezed1pNnaTfWksXRqWZn5Yaxf1jm1+V/t6xeDXaJpn0+I= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740474665; c=relaxed/simple; bh=fupC4esfworhHEjmPkpqPHZ+ad7YpnRxCEa9pkavoEY=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=NQ5KXYl9UKJGsMnQUWm7MJvauQokOyy4Kb22EXEzr+9uMxvDFaiw81+1PqcbmV6JGSqm/sjemZMQbwbU2tID95ZxmbWpi4ZMV3R+rmegUBnXv+2AA5rCqL4SNqrRd0JoK4yrGd7p4yOi8rJv000Vhl00DGLp7x0JCJ3GHdiLSQA= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=kP6oEJmt; arc=fail smtp.client-ip=40.107.94.83 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="kP6oEJmt" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=CXVH5fWsdR9Na6oiR5eUm3pOSL7BDR2dynWpccR4WDVYQk6JzW50BtPSl+qB8X1ek9MOacDi9iwDGdXiMDkHTxZ/2mCYK7GBY+HggUzNTmnzT5tbyfUjTG1ZlG/qen/Lh+m7iNIB98L+dZuhzjB3FkESfWJqxwC/TBYuJaK3e9qpiBvBD8KLzBZnub7SDg0+3lR7O5iFU9LSI7RtFaEWw3SvMbVnwm/acgXoc4q3SXmQWm7ZrkJXf6Kydgyy/gqDaYhkfhuoBNUz4CBWpjb6n7SqHyphWwWX0Am+icqy8nHON7eRQI9KBPmuroi+kc05QFZfh45LkHGuClmBnuBgrQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=MERM86zKVjL2yeSEH1F8dUjCdME2aIigL7i9ig4xj4s=; b=G0dpnfzINMC+ExJfeu9BS/at7u85asfHRnx6acftkysqL/JosPY88KZlV4XgPXffHvOl57lyy+s+H/ZU2N9r4K9piGNpjsL0kTQlPS1v4LYQzdM2DZYmjGHuGo3M3KmK7LdlVLxP6wmOGOZKTmxceLeE/Kk95Rt6h4KuRmsF0N5zSkXPrCyYJQ/4sqP7PXk/FfZV+To8Cuzk3R4fLN+YscDWaINUHzXVTXl0JlXSN7jDc5CFPV2AsPzVGyw6rpC+Zg3CYocqsleU1rrtfDrho6VKmX4vmAZ3+OGd3VQdAGBYnLtaZb0i26nUH0+NWHLFlOlPzHuto7ugovNS1VqfdA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.160) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MERM86zKVjL2yeSEH1F8dUjCdME2aIigL7i9ig4xj4s=; b=kP6oEJmtX5xob9CCbuLWFu6jTdu6aXNO1SW/3tKvE7G1ZNsUMVhn4hNfTCDo8FZZi7uqOUFHOvytcru9zmritTePX5fro4OXd8ce7PpTWpNn20c85FCu7Y/ygRT8eEtwlINh0QFhlxoxVOyxKHIWHL60q+kkbNsq6QQ7IXwLaPI5y7iwgUm5WVQWFVNOodSK0e+jj6toJohsgsPc51FIgBy1ZCXdXwYy9v2SnuMYCxL6vGJwsDEmqvHup7gFiSuX299wApmsALp2XYeso+InPkQQfCEo73vkVT8gM/fmIrEBAQYv68/L2ym9m8EXibITV7fN+xqncMn3G4UHTyH6uw== Received: from BL1PR13CA0397.namprd13.prod.outlook.com (2603:10b6:208:2c2::12) by DM4PR12MB6207.namprd12.prod.outlook.com (2603:10b6:8:a6::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8466.20; Tue, 25 Feb 2025 09:10:58 +0000 Received: from BN1PEPF00006001.namprd05.prod.outlook.com (2603:10b6:208:2c2:cafe::44) by BL1PR13CA0397.outlook.office365.com (2603:10b6:208:2c2::12) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8489.15 via Frontend Transport; Tue, 25 Feb 2025 09:10:58 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.160) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.160 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.160; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.160) by BN1PEPF00006001.mail.protection.outlook.com (10.167.243.233) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8489.16 via Frontend Transport; Tue, 25 Feb 2025 09:10:58 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Tue, 25 Feb 2025 01:10:44 -0800 Received: from shredder.mtl.com (10.126.230.35) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.14; Tue, 25 Feb 2025 01:10:42 -0800 From: Ido Schimmel To: CC: , , , , Ido Schimmel Subject: [PATCH iproute2-next v2 2/5] iprule: Move port parsing to a function Date: Tue, 25 Feb 2025 11:09:14 +0200 Message-ID: <20250225090917.499376-3-idosch@nvidia.com> X-Mailer: git-send-email 2.48.1 In-Reply-To: <20250225090917.499376-1-idosch@nvidia.com> References: <20250225090917.499376-1-idosch@nvidia.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: rnnvmail202.nvidia.com (10.129.68.7) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN1PEPF00006001:EE_|DM4PR12MB6207:EE_ X-MS-Office365-Filtering-Correlation-Id: c4e48610-83fc-4b29-202a-08dd557c516a X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|36860700013|376014|1800799024; X-Microsoft-Antispam-Message-Info: LVZ9cin/0Fkl8A7Dl7seE3ynLCvxW9tAMK7Zr242vJNDWlNrWwLhlEfIMQcPzSQPDzocNQcxvxSiq3Vs6riVGa9ixDzjWeAx45ZiL94+a1eIzfCvkW3KG357nlBCk+TUPBPLYHXZnoQQOfwop/MaOGaMUn6NSM+4FRHM12kvw3D61H70zIuxgmwQmMH0zd5n9b5EA6iXIYPiHzXCjFETR3ikAcdDd37d/2vXTWL3+UJog5ZP/WOgXkwAMck//4MDWNJD7MtblpK/HmPCfTDmvG9oRIzB2zlqsREmSHc/OeFJC+/n5BBEPd3shqVPoFah3kEkgtD64zOGsBLOeLFhsmSlTTIfRe37osgW+wTrgOUEDWAOh5zM/CLjBdjOM6zlhiMnAByJAfzZv33gWnk19xjaCyTIFRPREdu/BHRKeB4PqS+xBiLb7h2+1kiMr1ov70N1cLnOXTVVwWbCmniAiQPzUW8I0rYk/GGHjwPbj82IAYFYnbew60olimrJ6TxspOHuc5KEy2f3jYGJ1Du6zxCCSO8VYH3IBjy4wdOL9D9g9qEW24D67lr2K15fnr6vr3XIvnvlSkSzBCBbumN5K2eNi1vngIcVgpUyZgEbRP+rIADVAgsSECzZX1LrCKMH1wFSu3mGYSv40O3/yNV7EfwGa0+2PI1Wd+1WO0XFJekjllRJ1igIwuwI1Jx3MOFAjvSH7tfXaJ1QpiQnnD2LTKmyf7dj6TUAH3FxvYpFSeDvj3J9RMpnyoqEqgHrmnMuzaznV5besE2kU7bvOeOosVIozA1rCMCU4H2ySgE009gb2g00FxP4FSI0Acte4dtAXfebknYcu5PTm6oIODtea86Ggyq1mDXN7nvHPuVE8x7JYsxo1XDxA8Jveiuk5ObGbYzO//2Q9KtqCf1JfVhjeI5lvfs3yyx6cim8wmJ6kaCMkbR10YdV6xZz/UXErJcQm0XZ3CzTRyoraSQRoI+SES5SRjhkQ8e3eIIyfdKWwBYKh+evIe4OCZVd+QL6LcI/tnwj8zR0SbgpGmc0I57EWPJbzFmEY33qP2CKx/8DcimXGvOixGdMnG69unZz+BdAnnDIqQpsjDS7lKMeMdHYC9SYh5QBVatinzK7WLsU2Jdm9p5Pj0lTPqtVpioqpjJnhYkXsMIzb+3jZcbmTLXuySsUB7kbn2ZYmqdBWcRBSiV7u0pN9SE4OTsIpzCqDgLnuZXPZk6bzMpZau4htGJMD3jKvAtSbUWCuNoiQXyet3bWLjsljOWOqDmT7ATRyNsl9xi8vcwHpIdQZckLqEP4aK9hLhS/38TcVLPqZC4kCeDJvF0jXXG+3ywDSGpVY9/GNg2uD7QsvfF1ZZv11Oa+XonSZYFe1nF4x6DD4tSUc2FeBGc7JM1g/sSXPUTdlWDKvlDNe8+9rGShJ4r8RwprQHhegEz+Xw/+WHFK5AGb1fEbZM0tA7uMJLrLW4omXAl3vb2RoYE8TQ9nHOXrI+R2DFTek+WPTcIuor1KOcr5LL0= X-Forefront-Antispam-Report: CIP:216.228.117.160;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc6edge1.nvidia.com;CAT:NONE;SFS:(13230040)(82310400026)(36860700013)(376014)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2025 09:10:58.4506 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: c4e48610-83fc-4b29-202a-08dd557c516a X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.117.160];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BN1PEPF00006001.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB6207 X-Patchwork-Delegate: dsahern@gmail.com In preparation for adding port mask support, move port parsing to a function. Signed-off-by: Ido Schimmel Reviewed-by: Petr Machata --- ip/iprule.c | 57 +++++++++++++++++++++++++---------------------------- 1 file changed, 27 insertions(+), 30 deletions(-) diff --git a/ip/iprule.c b/ip/iprule.c index ea30d418712c..61e092bc5693 100644 --- a/ip/iprule.c +++ b/ip/iprule.c @@ -600,6 +600,29 @@ static int flush_rule(struct nlmsghdr *n, void *arg) return 0; } +static void iprule_port_parse(char *arg, struct fib_rule_port_range *r) +{ + char *sep; + + sep = strchr(arg, '-'); + if (sep) { + *sep = '\0'; + + if (get_u16(&r->start, arg, 10)) + invarg("invalid port range start", arg); + + if (get_u16(&r->end, sep + 1, 10)) + invarg("invalid port range end", sep + 1); + + return; + } + + if (get_u16(&r->start, arg, 10)) + invarg("invalid port", arg); + + r->end = r->start; +} + static void iprule_flowlabel_parse(char *arg, __u32 *flowlabel, __u32 *flowlabel_mask) { @@ -746,27 +769,11 @@ static int iprule_list_flush_or_save(int argc, char **argv, int action) invarg("Invalid \"ipproto\" value\n", *argv); filter.ipproto = ipproto; } else if (strcmp(*argv, "sport") == 0) { - struct fib_rule_port_range r; - int ret; - NEXT_ARG(); - ret = sscanf(*argv, "%hu-%hu", &r.start, &r.end); - if (ret == 1) - r.end = r.start; - else if (ret != 2) - invarg("invalid port range\n", *argv); - filter.sport = r; + iprule_port_parse(*argv, &filter.sport); } else if (strcmp(*argv, "dport") == 0) { - struct fib_rule_port_range r; - int ret; - NEXT_ARG(); - ret = sscanf(*argv, "%hu-%hu", &r.start, &r.end); - if (ret == 1) - r.end = r.start; - else if (ret != 2) - invarg("invalid dport range\n", *argv); - filter.dport = r; + iprule_port_parse(*argv, &filter.dport); } else if (strcmp(*argv, "dscp") == 0) { __u32 dscp; @@ -1036,26 +1043,16 @@ static int iprule_modify(int cmd, int argc, char **argv) addattr8(&req.n, sizeof(req), FRA_IP_PROTO, ipproto); } else if (strcmp(*argv, "sport") == 0) { struct fib_rule_port_range r; - int ret = 0; NEXT_ARG(); - ret = sscanf(*argv, "%hu-%hu", &r.start, &r.end); - if (ret == 1) - r.end = r.start; - else if (ret != 2) - invarg("invalid port range\n", *argv); + iprule_port_parse(*argv, &r); addattr_l(&req.n, sizeof(req), FRA_SPORT_RANGE, &r, sizeof(r)); } else if (strcmp(*argv, "dport") == 0) { struct fib_rule_port_range r; - int ret = 0; NEXT_ARG(); - ret = sscanf(*argv, "%hu-%hu", &r.start, &r.end); - if (ret == 1) - r.end = r.start; - else if (ret != 2) - invarg("invalid dport range\n", *argv); + iprule_port_parse(*argv, &r); addattr_l(&req.n, sizeof(req), FRA_DPORT_RANGE, &r, sizeof(r)); } else if (strcmp(*argv, "dscp") == 0) { From patchwork Tue Feb 25 09:09:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ido Schimmel X-Patchwork-Id: 13989595 X-Patchwork-Delegate: dsahern@gmail.com Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2050.outbound.protection.outlook.com [40.107.244.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4922D266EE8 for ; Tue, 25 Feb 2025 09:11:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.244.50 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740474667; cv=fail; b=lw5HLxY62B1siu/xRUzWtNebqR6pag2nexVuG5m0FjG5VP3NTrlHZ4H9Ggib3aBQ0wix7B+g8t6HvlEeYqJZJF/y/oKhdHncjp8AHcFBhx681OndUUDZjBZaecdSdWFO8K+yHHznQm572GvmzqIq0qQwZUAs8NMo+ftSh7CC0jY= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740474667; c=relaxed/simple; bh=v3Vo8bJjvpGIjuCxsQ8Yr6pt8dfEvhLsQPMO57Fwhi4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=E5yL9UMfesw7i52X53najGrQXNbz8gVEeEcOMfvEq/t4FOrvrCZe5ioQI/KC04+c2jV6X1cU4CcZ3gUcip78EJh2AoXsX+1ESygJvKA6LRCCZ0P/9MtKzUVBsRIZRSicCG5GpjYtCGYZfnWlByEoxVFIfsGx50w7nRYrPbpMTFY= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=PAF8Lr9d; arc=fail smtp.client-ip=40.107.244.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="PAF8Lr9d" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=A5V/mMlVebU7QWDkKOpfE0iCCoCjoZSO3Y+Whwm4Ox833wZKfCmc4DKuyEVfAjEJN26fu6YL9jb8FOHQOeCxgKeP+xxAMalX+arkfQADc4gA8izJOlvCZMJiHbdZZIItE5rP1fwldV49zwXkCA9NFeunKCL3EFMNMEbPhJig4N3G0/6+NW+Ps9Mlj23JiC8eylChjViS8yAYCYnwzk5w6E6vH1CSxoBCLjYgG49Pn+QXhTSDRYMcpExrpeYTJRIZ0MeI3OnGljVqBDZsTJl8cM8BKd9vguNe6tpvc87CLZty3PQc9tdsuLCenMG3ror6/5i5tJuEDzq8B/7v2QEHqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=hu0Wu9M9G6BGlLgS574l6skZEZfBwqyd7RN53Fdhu+s=; b=WvCCYvpI7V8Sw9vyi8QLQo3kirE6R9FO9sqj0LMro7L3YvVvwd0Bm6ZCvAW4b8r8Gw1Ta0Tz9LmsTFC5RkbOmbjcpPi3W6Br1Uvd164Ng0oEnO7OnjaNzDjimJ7UFBDdjFXpSfejTCsQ2eCe4njIj5xb9AMGcZztfl1BdZph70o+9i5r3wuMv+8AJsVbs7XpBEgwmZdevAWAWL9YqeSi1Mi/hr8Oxhyb4hDhPl/hoNxnR3ok2KrdgtVNqdRvRFg41Ue+zVJcg60rnxN7BvWIE25gywWxibMzUNarMe5FTXQ9gTwAzwn7GblBTRa18s1WeWPFve16fqizFDtzrjEflg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.160) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hu0Wu9M9G6BGlLgS574l6skZEZfBwqyd7RN53Fdhu+s=; b=PAF8Lr9dt0HWET7DKpSiroPSnCZXM06kVhYxeNHBuartyzymbZnLmsqqJohmwqk4gohxaoSIjAS3EOjFMhxA7KtrOwN1n5is4XCKwMIv4BUqFxkvMmGRawp7WALOb12eg9QWjG2lng5Gobi1NLNdpwOKTjJ57X2aG9NAA7DTZM8UxwROoCLr9PAeqkGNJVMytVO3aAwXTCVoTc9WFLIxOhonRaQzewJ4ZScuaPQspI2qLa/KuAq9UDdLa76ARbHEfUbENGsl3pvdOfED1ukQMltAhJ8Xce+jwPW2yi48bSDCl/M8jEADUHFZE4nSAzi5w7GEX8WKvEyzpVL2lBguEA== Received: from MN2PR16CA0040.namprd16.prod.outlook.com (2603:10b6:208:234::9) by IA1PR12MB7760.namprd12.prod.outlook.com (2603:10b6:208:418::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8466.20; Tue, 25 Feb 2025 09:11:03 +0000 Received: from BN1PEPF00006000.namprd05.prod.outlook.com (2603:10b6:208:234:cafe::9c) by MN2PR16CA0040.outlook.office365.com (2603:10b6:208:234::9) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8489.18 via Frontend Transport; Tue, 25 Feb 2025 09:11:03 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.160) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.160 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.160; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.160) by BN1PEPF00006000.mail.protection.outlook.com (10.167.243.232) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8489.16 via Frontend Transport; Tue, 25 Feb 2025 09:11:02 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Tue, 25 Feb 2025 01:10:48 -0800 Received: from shredder.mtl.com (10.126.230.35) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.14; Tue, 25 Feb 2025 01:10:45 -0800 From: Ido Schimmel To: CC: , , , , Ido Schimmel Subject: [PATCH iproute2-next v2 3/5] iprule: Allow specifying ports in hexadecimal notation Date: Tue, 25 Feb 2025 11:09:15 +0200 Message-ID: <20250225090917.499376-4-idosch@nvidia.com> X-Mailer: git-send-email 2.48.1 In-Reply-To: <20250225090917.499376-1-idosch@nvidia.com> References: <20250225090917.499376-1-idosch@nvidia.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: rnnvmail202.nvidia.com (10.129.68.7) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN1PEPF00006000:EE_|IA1PR12MB7760:EE_ X-MS-Office365-Filtering-Correlation-Id: a2fd5be4-ef45-43f5-2f1e-08dd557c5426 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|1800799024|82310400026|376014; X-Microsoft-Antispam-Message-Info: lS1P4wODcuL9MdX0OLTHbey1TTMu9cRmR+KbKS80qhVpCKFprBPxquzqxyibx/dkW6CmjS0arew78iYQ5jWP1ZjY3F6jR4LyDN9VStb7XzjqUpxqMdO/JXRAdvoWT6Eu51+HKHB7xxcw7bjX5GpeYUFwVwvM8Zb4A1zwnM06xMRBV7/F3Uk83N1t3rQGyLPAoZ1Kl1c6tE1Dxlk9/HU/R5C9G2Q00zVZqaOxrDMbkr6mlAZLBfvsWxgmESbOhY4KyhbBxMDHoPs1kA37xai284u9D2FVlzvSauBLa3CykPjM4pBjlkgq80szWAKg0oVPalClnzavfWKL4/9H/lZkqx8hKrbmEpycNlaK7WG2+EdzRsPNlfG/fcMCh+YUWS0UD2D2rYwaMmMYeBqVxutQI2uiiDX1MMBeV9Tc2dOPmnZG7uqaHLIOMMiU5JGI8ScR+z0qolsYtG/35+NDhreqaGmHzyqTPLzBuY6Bf1e+ROlPSlCSEVeygrLjCpUnlEimAFY4O69cWET5vhV4HjNHpkPm7iOEP1gKEZVkAAD6njaOvDdfy3xgv5JU2KOKEPLPy3C5zAvy+aZkVnnc3frerPG7+rIMqK5UArNygCw3J4ALTzWrcE5akvOt3aSEqaxpMyJj0xiKtFfv+eUZOcuhE6qmpWFBA9LgJ31y/RTXd14HZFOnmiUDBcMM/paEJG47lM0vTvRSveUZ4SSNH/uBL9udbByPJYI/Abzt27/SAFF4qMDxpFEg/MShTauzz7sCr79yOzvRU+r5zHTI3ArJwZufe9VAoMfyRbDmY+q0qldLQ1Rd4XlsfzGIA9ZyjwKSvLk3OgiNmn3hhyXHmZyru6cBYzR+Zqo8BPxLysL3HK76pFfon2PMXbsDk6gIjLCuO6q+Q9Rn335V3NytaS27IPiRyBa3HHVN64FLqgSfSus/GmLirLsphOHoOMEF9AGTh6vRXswfCwwwkZAH4x0qHL9ghCGKdM4YoByVbOskECrywwpgQXGefNRxDoV4SHoo0i8rhfOm3T1QNt4d/91yv5AFjN1hje/K5bj/87S8XdioduxzPn58AIBXb91Kz5zKx53ybgH7KEsBuMJF6k4GGsEIqLhRHZ0VSZQE+c/tWEaukk/8UA1+ldjM3gAS5jBFf7jG1CknPjrW8Z3A+fNLwpQ4Qd9G/oR/PZcPe+njv+DxztfXfwiDfKF1uNATU/ACySV5fFUWYaM0PrF0YY9btt5OKc6iHtocicO8wuZMC6mpe3wYAAe/eKZ4AIRp5wJkXO1rd050Mb7LvlBKK7N/ypzQnvFB708wQc7qjiJgBxDndbsL6iU5GTOaD7G6OfR7dsZfykTkRPgk1DnEDo5kyEBU+lLoYJiVMc2eWxCbD3rsDUY9vp/W5DcO5Q4KtYVA/NszWC4agBi+SeplFT5SlRVfAREqj0ZsnggC1td25UcQ2FpArTnTrXwc65DdlHj78DH0OWMHwDy6r2j2yOSolyURGJZ3XCiiKF8YCcTXdU8= X-Forefront-Antispam-Report: CIP:216.228.117.160;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc6edge1.nvidia.com;CAT:NONE;SFS:(13230040)(36860700013)(1800799024)(82310400026)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2025 09:11:02.9760 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a2fd5be4-ef45-43f5-2f1e-08dd557c5426 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.117.160];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BN1PEPF00006000.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB7760 X-Patchwork-Delegate: dsahern@gmail.com This will be useful when enabling port masks in the next patch. Before: # ip rule add sport 0x1 table 100 Invalid "sport" After: # ip rule add sport 0x1 table 100 $ ip rule show sport 0x1 32765: from all sport 1 lookup 100 Signed-off-by: Ido Schimmel Reviewed-by: Petr Machata --- ip/iprule.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ip/iprule.c b/ip/iprule.c index 61e092bc5693..64d389bebb76 100644 --- a/ip/iprule.c +++ b/ip/iprule.c @@ -608,16 +608,16 @@ static void iprule_port_parse(char *arg, struct fib_rule_port_range *r) if (sep) { *sep = '\0'; - if (get_u16(&r->start, arg, 10)) + if (get_u16(&r->start, arg, 0)) invarg("invalid port range start", arg); - if (get_u16(&r->end, sep + 1, 10)) + if (get_u16(&r->end, sep + 1, 0)) invarg("invalid port range end", sep + 1); return; } - if (get_u16(&r->start, arg, 10)) + if (get_u16(&r->start, arg, 0)) invarg("invalid port", arg); r->end = r->start; From patchwork Tue Feb 25 09:09:16 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ido Schimmel X-Patchwork-Id: 13989596 X-Patchwork-Delegate: dsahern@gmail.com Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2048.outbound.protection.outlook.com [40.107.93.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 60B5D266EF7 for ; Tue, 25 Feb 2025 09:11:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.93.48 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740474669; cv=fail; b=Rwxl0SKD9n7anq6MfQgkd6zwSX9XhYs5YZo5DGiGQzGUtQxx3R416E5dsW0b/FgpyIqwf5nEzCbRX8OKAF7rMKczqorBUjorfTvv3KLFbJDjggiRWisbHtZ/3IPZM6qIijcD1ejOPSnL5nhCrLdAmLjFhSf8cEqCPO164M0ACVg= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740474669; c=relaxed/simple; bh=Cq9f1gQjooFsSduhXofgZieiMr+Zxas9pjcSkbAqGbk=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=WD+Ryp5P0YWFyqsaYtvmRZNYRiQwdMTIMiW6F0sq43iycL9oYQGVzZebPSpNTqVBgzhs/YoCKPkW2Tp6h7DqjeuB+nbKsQ4TfTpvrGGpmQJhD/oYiNkkJm8u/xS+IpWwbMXlgW9lGmvwGwYjQQkWNBCzc4Uk0bRoD2Oc/5rH0ZA= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=aA9NpURB; arc=fail smtp.client-ip=40.107.93.48 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="aA9NpURB" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=kIYjrI+0vN2i1mpqju5whQVmxqs8mxYROy1AkdMC4OVTRXSSdhb29/Mjn1+QEYydNv7sd0FlspSEh9MDR3hvhRndEqg6XIUF1sdUTjiAzu4QjQbb8JGnoO0da1p1Q4vj/r8T2FBxntDJ4eJKd9pflpX1QtWVrdqWj/78fZQFDFo8+bqMX56GA8BRwcIMe1SeHyFKaSzeuYDlvhjZJczJE3ChV+trx+Eq0aSZpYsU9TLk72EB9wE6Zrd1cmtyOOTONWEGMm6jZkQ7QdOJT6m3xhhoULZ1WEy7uibeT9kjYzPbN2VLmqPArxrzEMD4Tk7y8GkQGLVAE21l5m4P6FXSXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ks+PMvczbLnUo7KOn4L0GlQp8MBRHLCiVVj92m60gUY=; b=VOtUuk+6cVVmqJpldXChJaRqQn3ZQd+2NgAHcwfV4DF5NRea8AEy9KRB8F43zb7wQgM7ERxcqooUQDEJt6/kneYDfRsTEaaSDGepEFbTSOYRtQ/NEkMFGkOhU/5mb2O31mVKl1DSPJdZLFDKN6Demax0pheg1oIIqBeRJRWiR2S9U+cs1CEZQ2xfnjIoY8WHhM50jFtgoNAZHnSSSy/SySodNVd4eVdFwamChEZxLO/m5hFaFg6HePUBiZ1t7ZgvFfdLL8WhVQJ7/wK2eBiDbsScu+razzAzN9Y1hF+DlwJxbBb446Of2cRVRfD4h5gHg7x07JDsf/GE/OxvI64d/Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ks+PMvczbLnUo7KOn4L0GlQp8MBRHLCiVVj92m60gUY=; b=aA9NpURBLbCsUTz76xttiUSNQYBYDrFVFZEPtwSDPYHKIAypLtmGqUnN1P5J1S5dF9Rhch0Gl2nlOLwZWvlvEznQnKvsKuKRrZl7yu0Rvj8cQDQ1KdQMETHIVIxCUtSawsxBiJBkrJCPlqqVLzGH1DpWkurwuwRg19Sl5qevehIUywryZfluDrLXmNWZMiDx9Tl0Sbuj+zaH7s/KF/P7oF95xJmJUJXfPtpVpyoiWNYtS4oOs/2LIhki41cfGSNJLlL7QQsW07fJkyasHhcqhkskseytqG2x1pIbXVSncENKU4Kn4Dk6SI0xmNo6qVtFuzzaZbg/6hTyGN+VUZM95Q== Received: from SA9PR13CA0161.namprd13.prod.outlook.com (2603:10b6:806:28::16) by CY8PR12MB7562.namprd12.prod.outlook.com (2603:10b6:930:95::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8466.19; Tue, 25 Feb 2025 09:11:02 +0000 Received: from SA2PEPF0000150A.namprd04.prod.outlook.com (2603:10b6:806:28:cafe::1d) by SA9PR13CA0161.outlook.office365.com (2603:10b6:806:28::16) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8489.15 via Frontend Transport; Tue, 25 Feb 2025 09:11:02 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.161) by SA2PEPF0000150A.mail.protection.outlook.com (10.167.242.42) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8489.16 via Frontend Transport; Tue, 25 Feb 2025 09:11:01 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Tue, 25 Feb 2025 01:10:51 -0800 Received: from shredder.mtl.com (10.126.230.35) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.14; Tue, 25 Feb 2025 01:10:48 -0800 From: Ido Schimmel To: CC: , , , , Ido Schimmel Subject: [PATCH iproute2-next v2 4/5] iprule: Add port mask support Date: Tue, 25 Feb 2025 11:09:16 +0200 Message-ID: <20250225090917.499376-5-idosch@nvidia.com> X-Mailer: git-send-email 2.48.1 In-Reply-To: <20250225090917.499376-1-idosch@nvidia.com> References: <20250225090917.499376-1-idosch@nvidia.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: rnnvmail202.nvidia.com (10.129.68.7) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SA2PEPF0000150A:EE_|CY8PR12MB7562:EE_ X-MS-Office365-Filtering-Correlation-Id: a432d89c-f8d8-48e4-21aa-08dd557c5370 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|82310400026|1800799024|376014; X-Microsoft-Antispam-Message-Info: n22FXny3XIYB/m9T9Ilv01bQVsgNW30eq2KhJ+qBQVDvrHM38qCYufzEMoNonI4b2i1/fUyIQleaUwQcun/5cBmAvkCcp76qiqRCApDC1cE9jL2Dm+pdIwxOTQdphVu7+IxFQcbeRs8u/HfHiVCwV7cmIE2Z6x66U/mhors2NMgZt7cp6AF+2gqsOvvk6rYu1uqJwH3Xt+zH29Eza3TeZtMxFQvSqd2Y1h5iSicfGdgQcETnhnaghT9pcmox2drRfbMc+gn6OdQ4Je8J0HTBS+1lutsROCqSeoXCnbo9DTUjXX/++tqF1qzxEkiMdrQEILWmVxJJiXWKqLRXtCowTY8INGdXNInLJRapbEQxQndx1Vv/OsZpDzJU4Zq+NO9cnOg2AcLxgJ0/OPpFUCZ7J8T9Bw2H63toUJrGIPLzedAoeXr2RMxW/FEIl6upPtaxRUFKYueM6vjUqyq/rEqo/a9zLYRIsaUtDxuIKm/gltadTV5EegCk1CPDvjv6E4xxf9Co6EC4GRFYeNnoGczuaW9FFsl+FCt6yw1jYhP1adcDjnCDCcQLHpzHmZLCIKWeg1Vq29DvG+ZxfZGYTZ/DJSbdMvg5AGlQqKmjX0I8pAm3mjIZA9OQ0zMRuH3XLN51/FSSwmby1lZhnlJDv0OEgFLjDVavegP2E76LvaG64wYfrDE26bDai4shv3yGsFd0ddzRVswzYRT9kJbh0fpAru7jjKi0ZwVo+9t5y2praMQkP0yGkB/vaUeO+2xDz8krxig7q5pA7CU1q1vX6N+cOT3diBENdM3rx5xWpPvlPmho7ByxeBPnf5jO1yi8YzztgCHSgol2EJXmXDp15xJikLIm2HuqYcEusvlnTRQ8k+ORBCiXE5IgrMwysJGmvNiTx6IKZAb7Rat7eARaU48TEIxTbqi3L/J7Q7M6MvWsIRf4/JuTl4uaeTrCVeXID2gP562t6h5eqGgTKc4Dxx8yj3SLKXgAYqMe+i6oqYLqlvVf69AxaKaAYeXKp3Njk0s8jkERAxf5VYFyaV0P4KCHdJaR4f5SXPDKDB/QBE/awqG5A8qMmEIAT6OUPpNIEETBFzjxk0CyBE2Ea+AEScUFA0QIz+el1B40FWHLwqzw46XHzCXp+Iadjo/KvMdH+YjeP+6F7l89V+xEEH26Br191tX/YXswpC0GkQNjLxKOzQ85gPYb7N55Y7uXLi5zGi5+MLVpHZsjJf2NlqoWReDfd6qZqLvlELkrxaz1Oy7nbBuKfsHB6vdmCDv3tthOTYDVHQ1QZUkFriu2zRdrISfIHstUf10wAh3M5ww5dMnyOaB6mMt5EbNsl9i2Rt+w0G0peZ8IabXThiGvCLGUN/DSKmapfzlh6HGbVRHhtrRshEJpfk2j9RMSy1Nnl9v31SBNb7D36wH1Yrlb6wmWzNurtzX/cQx6IQHA9tTu7ngjRH75EBU6FMMltQyKA1YbXxOWz1QFkkT6Hhnpq7JlJ0BmpjRjA08cc+KE48ij5VQD020= X-Forefront-Antispam-Report: CIP:216.228.117.161;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc6edge2.nvidia.com;CAT:NONE;SFS:(13230040)(36860700013)(82310400026)(1800799024)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2025 09:11:01.8923 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a432d89c-f8d8-48e4-21aa-08dd557c5370 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.117.161];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: SA2PEPF0000150A.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY8PR12MB7562 X-Patchwork-Delegate: dsahern@gmail.com Add port mask support, allowing users to specify a source or destination port with an optional mask. Example: # ip rule add sport 80 table 100 # ip rule add sport 90/0xffff table 200 # ip rule add dport 1000-2000 table 300 # ip rule add sport 0x123/0xfff table 400 # ip rule add dport 0x4/0xff table 500 # ip rule add dport 0x8/0xf table 600 # ip rule del dport 0x8/0xf table 600 In non-JSON output, the mask is not printed in case of exact match: $ ip rule show 0: from all lookup local 32761: from all dport 0x4/0xff lookup 500 32762: from all sport 0x123/0xfff lookup 400 32763: from all dport 1000-2000 lookup 300 32764: from all sport 90 lookup 200 32765: from all sport 80 lookup 100 32766: from all lookup main 32767: from all lookup default Dump can be filtered by port value and mask: $ ip rule show sport 80 32765: from all sport 80 lookup 100 $ ip rule show sport 90 32764: from all sport 90 lookup 200 $ ip rule show sport 0x123/0x0fff 32762: from all sport 0x123/0xfff lookup 400 $ ip rule show dport 4/0xff 32761: from all dport 0x4/0xff lookup 500 In JSON output, the port mask is printed as an hexadecimal string to be consistent with other masks. The port value is printed as an integer in order not to break existing scripts: $ ip -j -p rule show sport 0x123/0xfff table 400 [ { "priority": 32762, "src": "all", "sport": 291, "sport_mask": "0xfff", "table": "400" } ] The mask attribute is only sent to the kernel in case of inexact match so that iproute2 will continue working with kernels that do not support the attribute. Signed-off-by: Ido Schimmel Reviewed-by: Petr Machata --- Notes: v2: * Do not duplicate port parsing in iprule_port_parse(). * s/supports/Supports/ in man page. ip/iprule.c | 96 ++++++++++++++++++++++++++++++++++++++----- man/man8/ip-rule.8.in | 14 ++++--- 2 files changed, 93 insertions(+), 17 deletions(-) diff --git a/ip/iprule.c b/ip/iprule.c index 64d389bebb76..3338c7d6773a 100644 --- a/ip/iprule.c +++ b/ip/iprule.c @@ -23,6 +23,8 @@ #include "ip_common.h" #include "json_print.h" +#define PORT_MAX_MASK 0xFFFF + enum list_action { IPRULE_LIST, IPRULE_FLUSH, @@ -44,8 +46,8 @@ static void usage(void) " [ iif STRING ] [ oif STRING ] [ pref NUMBER ] [ l3mdev ]\n" " [ uidrange NUMBER-NUMBER ]\n" " [ ipproto PROTOCOL ]\n" - " [ sport [ NUMBER | NUMBER-NUMBER ]\n" - " [ dport [ NUMBER | NUMBER-NUMBER ] ]\n" + " [ sport [ NUMBER[/MASK] | NUMBER-NUMBER ]\n" + " [ dport [ NUMBER[/MASK] | NUMBER-NUMBER ] ]\n" " [ dscp DSCP ] [ flowlabel FLOWLABEL[/MASK] ]\n" "ACTION := [ table TABLE_ID ]\n" " [ protocol PROTO ]\n" @@ -80,6 +82,7 @@ static struct int protocolmask; struct fib_rule_port_range sport; struct fib_rule_port_range dport; + __u16 sport_mask, dport_mask; __u8 ipproto; } filter; @@ -186,8 +189,9 @@ static bool filter_nlmsg(struct nlmsghdr *n, struct rtattr **tb, int host_len) return false; } - if (filter.sport.start) { + if (filter.sport_mask) { const struct fib_rule_port_range *r; + __u16 sport_mask = PORT_MAX_MASK; if (!tb[FRA_SPORT_RANGE]) return false; @@ -196,10 +200,16 @@ static bool filter_nlmsg(struct nlmsghdr *n, struct rtattr **tb, int host_len) if (r->start != filter.sport.start || r->end != filter.sport.end) return false; + + if (tb[FRA_SPORT_MASK]) + sport_mask = rta_getattr_u16(tb[FRA_SPORT_MASK]); + if (filter.sport_mask != sport_mask) + return false; } - if (filter.dport.start) { + if (filter.dport_mask) { const struct fib_rule_port_range *r; + __u16 dport_mask = PORT_MAX_MASK; if (!tb[FRA_DPORT_RANGE]) return false; @@ -208,6 +218,11 @@ static bool filter_nlmsg(struct nlmsghdr *n, struct rtattr **tb, int host_len) if (r->start != filter.dport.start || r->end != filter.dport.end) return false; + + if (tb[FRA_DPORT_MASK]) + dport_mask = rta_getattr_u16(tb[FRA_DPORT_MASK]); + if (filter.dport_mask != dport_mask) + return false; } if (filter.tun_id) { @@ -390,7 +405,26 @@ int print_rule(struct nlmsghdr *n, void *arg) struct fib_rule_port_range *r = RTA_DATA(tb[FRA_SPORT_RANGE]); if (r->start == r->end) { - print_uint(PRINT_ANY, "sport", " sport %u", r->start); + if (tb[FRA_SPORT_MASK]) { + __u16 mask; + + mask = rta_getattr_u16(tb[FRA_SPORT_MASK]); + print_uint(PRINT_JSON, "sport", NULL, r->start); + print_0xhex(PRINT_JSON, "sport_mask", NULL, + mask); + if (mask == PORT_MAX_MASK) { + print_uint(PRINT_FP, NULL, " sport %u", + r->start); + } else { + print_0xhex(PRINT_FP, NULL, + " sport %#x", r->start); + print_0xhex(PRINT_FP, NULL, "/%#x", + mask); + } + } else { + print_uint(PRINT_ANY, "sport", " sport %u", + r->start); + } } else { print_uint(PRINT_ANY, "sport_start", " sport %u", r->start); @@ -402,7 +436,26 @@ int print_rule(struct nlmsghdr *n, void *arg) struct fib_rule_port_range *r = RTA_DATA(tb[FRA_DPORT_RANGE]); if (r->start == r->end) { - print_uint(PRINT_ANY, "dport", " dport %u", r->start); + if (tb[FRA_DPORT_MASK]) { + __u16 mask; + + mask = rta_getattr_u16(tb[FRA_DPORT_MASK]); + print_uint(PRINT_JSON, "dport", NULL, r->start); + print_0xhex(PRINT_JSON, "dport_mask", NULL, + mask); + if (mask == 0xFFFF) { + print_uint(PRINT_FP, NULL, " dport %u", + r->start); + } else { + print_0xhex(PRINT_FP, NULL, + " dport %#x", r->start); + print_0xhex(PRINT_FP, NULL, "/%#x", + mask); + } + } else { + print_uint(PRINT_ANY, "dport", " dport %u", + r->start); + } } else { print_uint(PRINT_ANY, "dport_start", " dport %u", r->start); @@ -600,10 +653,13 @@ static int flush_rule(struct nlmsghdr *n, void *arg) return 0; } -static void iprule_port_parse(char *arg, struct fib_rule_port_range *r) +static void iprule_port_parse(char *arg, struct fib_rule_port_range *r, + __u16 *mask) { char *sep; + *mask = PORT_MAX_MASK; + sep = strchr(arg, '-'); if (sep) { *sep = '\0'; @@ -617,6 +673,14 @@ static void iprule_port_parse(char *arg, struct fib_rule_port_range *r) return; } + sep = strchr(arg, '/'); + if (sep) { + *sep = '\0'; + + if (get_u16(mask, sep + 1, 0)) + invarg("invalid mask", sep + 1); + } + if (get_u16(&r->start, arg, 0)) invarg("invalid port", arg); @@ -770,10 +834,12 @@ static int iprule_list_flush_or_save(int argc, char **argv, int action) filter.ipproto = ipproto; } else if (strcmp(*argv, "sport") == 0) { NEXT_ARG(); - iprule_port_parse(*argv, &filter.sport); + iprule_port_parse(*argv, &filter.sport, + &filter.sport_mask); } else if (strcmp(*argv, "dport") == 0) { NEXT_ARG(); - iprule_port_parse(*argv, &filter.dport); + iprule_port_parse(*argv, &filter.dport, + &filter.dport_mask); } else if (strcmp(*argv, "dscp") == 0) { __u32 dscp; @@ -1043,18 +1109,26 @@ static int iprule_modify(int cmd, int argc, char **argv) addattr8(&req.n, sizeof(req), FRA_IP_PROTO, ipproto); } else if (strcmp(*argv, "sport") == 0) { struct fib_rule_port_range r; + __u16 sport_mask; NEXT_ARG(); - iprule_port_parse(*argv, &r); + iprule_port_parse(*argv, &r, &sport_mask); addattr_l(&req.n, sizeof(req), FRA_SPORT_RANGE, &r, sizeof(r)); + if (sport_mask != PORT_MAX_MASK) + addattr16(&req.n, sizeof(req), FRA_SPORT_MASK, + sport_mask); } else if (strcmp(*argv, "dport") == 0) { struct fib_rule_port_range r; + __u16 dport_mask; NEXT_ARG(); - iprule_port_parse(*argv, &r); + iprule_port_parse(*argv, &r, &dport_mask); addattr_l(&req.n, sizeof(req), FRA_DPORT_RANGE, &r, sizeof(r)); + if (dport_mask != PORT_MAX_MASK) + addattr16(&req.n, sizeof(req), FRA_DPORT_MASK, + dport_mask); } else if (strcmp(*argv, "dscp") == 0) { __u32 dscp; diff --git a/man/man8/ip-rule.8.in b/man/man8/ip-rule.8.in index 6fc741d4f470..6a2a3cd848df 100644 --- a/man/man8/ip-rule.8.in +++ b/man/man8/ip-rule.8.in @@ -52,10 +52,10 @@ ip-rule \- routing policy database management .B ipproto .IR PROTOCOL " ] [ " .BR sport " [ " -.IR NUMBER " | " +.IR NUMBER\fR[\fB/\fIMASK "] | " .IR NUMBER "-" NUMBER " ] ] [ " .BR dport " [ " -.IR NUMBER " | " +.IR NUMBER\fR[\fB/\fIMASK "] | " .IR NUMBER "-" NUMBER " ] ] [ " .B tun_id .IR TUN_ID " ] [ " @@ -270,12 +270,14 @@ value to match. select the ip protocol value to match. .TP -.BI sport " NUMBER | NUMBER-NUMBER" -select the source port value to match. supports port range. +.BI sport " NUMBER\fR[\fB/\fIMASK\fR] | NUMBER-NUMBER" +select the source port value to match with an optional mask. Supports port +range. .TP -.BI dport " NUMBER | NUMBER-NUMBER" -select the destination port value to match. supports port range. +.BI dport " NUMBER\fR[\fB/\fIMASK\fR] | NUMBER-NUMBER" +select the destination port value to match with an optional mask. Supports port +range. .TP .BI priority " PREFERENCE" From patchwork Tue Feb 25 09:09:17 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ido Schimmel X-Patchwork-Id: 13989597 X-Patchwork-Delegate: dsahern@gmail.com Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2076.outbound.protection.outlook.com [40.107.220.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F09852676C8 for ; Tue, 25 Feb 2025 09:11:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.220.76 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740474671; cv=fail; b=psqkqjRYSl+YS+DXOiSHBptBZ2FVrq4kuHflHR3Gou79UH2It7DPvD4+kw2/Oo5nFGLq7+twrCy3HHfxGzCPbz8PzOxuisk4ZigOt0mysBK+yvEw67UI3LjpxyfkBzRfumGvUXCRKwTK6fmfIjkVXCKhNSamLi85bpP4eEMoUgM= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740474671; c=relaxed/simple; bh=BHoDNf/62t5mUw9AuBq8uXZfuCSIo6A9TmtCkDgMWgk=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Z9yBe1paRZFPH5S045QwnZ7vHFkvOaASWYK198BAYENzJ+viKw5hlQuMYlpeKAhVl/SsqB/LopgroZqTx1oo9e4clkBgKEhXRiu/JNLHMwyeVew3vaYPv6bH/ItSZnVlDTr3XW1WjYYNSBDGcOkqMgnmJ26lEMrk4DUzkKI/mPg= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com; spf=fail smtp.mailfrom=nvidia.com; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b=sWuM+61g; arc=fail smtp.client-ip=40.107.220.76 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=nvidia.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=nvidia.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=Nvidia.com header.i=@Nvidia.com header.b="sWuM+61g" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=R5Sw7ElcExQH5R/TILbHci0HZY73uD8bf2t/RCtae1wP3xfEQK7IQaAavc5WGxUy+gm6D+WeRCjOsFwo5+14PD2ujxH1TF0xNR6zMbwBmNDsoBu8rKZg0mFdI9vAlIFSnGoDXJNtY76INnaiyBuI/lptBZBpW30EakHk44vCVR5MS5RzkXQ90Iv/TxJMXN+5PcqQW1fvgMKBiCWRqUfhlRspN6/C0suLRRRugM8+X5wPp4HNqTkUt6z5K0aalwIRpfO6Z7/Ve6FATxk6BiI/0bYmvVIFI9fgJOEISp9PorUDBUPSKkPH0nJrD4WWMVEShEMfzpA9GKteA3ciTU5eDQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=39AvaITQDZTIFfmPFfIDhCqh2H44mrgDEUvouteNpro=; b=ae0rsZHdDSScTXhNjKCcLKLGKYeG575pUVKzssaejI/1B6UHk36zM6dFbmdSd71VIeClqzvMcTnqjj1q9jErOid/qdg5QJTr6gsHqrE84yr9Puna+D4/UO44Ed+9fkJJS+cBL0Uifanajjs0QHqj3WNd8jL7J0ZV0ESCR7+PMdVwjEqtqwKZ8UbTVecs5VzttjC556muo4iyzZw/aekquP16tR0LHtXaX5grDYl7NgD4Xn0f3al2zYoyiBfK1KbwJl/kTuK6bR8znlSNKg1/sWJaAkiH7/STzizkpUFvDdXPUqJs0AZ74t5wAjIkJTrM1talbHF8ZHCBGmIqPtVciQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=39AvaITQDZTIFfmPFfIDhCqh2H44mrgDEUvouteNpro=; b=sWuM+61g9Efj9Coj3kuDKfSZn5bSVt90UlEbSzc4U0xL6uSySCW78uMX33DLkfCRUTCBzIWmk15F5xHcLdg6/4ZCVGV76/EPvY3lS6cpg2Po0kFRvHImk07ANV1s06/pNukhkbZOoy7AlFjnxXRc9DGwhnp/fZEFxV5eeNtbYZJ4p0zIwQwRYjFLugHw9xz027B0MtHP4LNMsdrfVIo9yzP2jg7kSWGTpDctkyT3vK2mB+Ie8I0FfYNFSYToBWnY1LvvUpWNvcQbKGvd8tjEW97gT/yvNIGwdfpeKnvWZw28vasP6teLiN68GxWM69a6/IFl7LivBVl8dKrhhQujbQ== Received: from SA1PR05CA0003.namprd05.prod.outlook.com (2603:10b6:806:2d2::14) by SA1PR12MB8886.namprd12.prod.outlook.com (2603:10b6:806:375::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8489.18; Tue, 25 Feb 2025 09:11:05 +0000 Received: from SA2PEPF00001504.namprd04.prod.outlook.com (2603:10b6:806:2d2:cafe::52) by SA1PR05CA0003.outlook.office365.com (2603:10b6:806:2d2::14) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8489.15 via Frontend Transport; Tue, 25 Feb 2025 09:11:05 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.161) by SA2PEPF00001504.mail.protection.outlook.com (10.167.242.36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8489.16 via Frontend Transport; Tue, 25 Feb 2025 09:11:05 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Tue, 25 Feb 2025 01:10:55 -0800 Received: from shredder.mtl.com (10.126.230.35) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.14; Tue, 25 Feb 2025 01:10:51 -0800 From: Ido Schimmel To: CC: , , , , Ido Schimmel Subject: [PATCH iproute2-next v2 5/5] iprule: Add DSCP mask support Date: Tue, 25 Feb 2025 11:09:17 +0200 Message-ID: <20250225090917.499376-6-idosch@nvidia.com> X-Mailer: git-send-email 2.48.1 In-Reply-To: <20250225090917.499376-1-idosch@nvidia.com> References: <20250225090917.499376-1-idosch@nvidia.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: rnnvmail202.nvidia.com (10.129.68.7) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SA2PEPF00001504:EE_|SA1PR12MB8886:EE_ X-MS-Office365-Filtering-Correlation-Id: 4f4e974a-a679-43a8-767b-08dd557c5598 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|82310400026|376014|1800799024; X-Microsoft-Antispam-Message-Info: 9cFhSCGKcog92DCTItag2+pgLVVbgdsZCAbbmbVgrzBVe7PIem6FQvOhbaNPaTD2QM8Af4IMsYc7VIq+3cN9hZOjuOI/tOqtIj8q1evu9I1Pw9qvCvH8xi9hen/jIv0zegNW+DCCvLO9vSTlxzYL37u11bGtV4Ua4Y2F3g7Si2XwYpdTN7FbdaxiF5dS74DWLDB4246WAO0mG+EECqbhY/6XknW3iBRf4+leZKsuX2NikHjHWRASE4fTYLaG+qZjdP3PPF89vVnaF6mDcE5ghZrFcQL+N9fljmjnoB4A7ew8t9i3/F8zPknMiUMCaK1Kmnt//dbTzv8hySfONYl//DY1WIXgnqqCwzfNOp2eUSzpy2oYoeFa9tOGNj7frez0muLp31MfNAP8lrLJet/jDjx9nBVXs9fdR99RNZC8v9qJVv3Sw1Ts+ALP5EZiJMQ/YMMHkVLj/qGw11e3Y64WFFwnepWwQ/ck5tM3/RWG1mLQo/PqmITRnEp5g9kQOxCHUalMQkWFgbbXTqqfA5HncyRL/KUZ/ayY0oZb3xHiKAuvIhEgR5JjYAreDjCQrzdBBO+bWgICqvr7y91WydGqH6ykx62bUuqDsIt9ITnZguH3wsFI77K0nRZLwJaVCFAKMDEWAAd81kQOLkHqFKF8dSwax707qZuuH4NEiOadFDs7umLpFwW+mCc4RSLMBG0UuVGs47caA5zSvi3ukZ1GWgNaRKrkfMPGLT1IxdFmB2vicyxejq/kzfH+uDZnEYDSNmYXjKuHpHRZeFgEouB1wXudsxwvqBHFqJb1IqOgFxrK6/EmW8XlBxYOT154Gr9DgrmTLCc6n78+rL/DqSJ6FG2lhjcv1hNmcvN8UbjOvVZJmohMRCvHw+gwd0WXXk1iKcoi9KN+xXUaOoq7Thq79CoR1g0tgguWsJ5ec204pjUoYGTfO12q4wzDaKIR+c9bdXIQ5wlLBexlzjJV/r4BGrhyOKwQ81cDaaEWamk2KlVKM7gx8TNzRJfvlUyaIJG/XeJRQxDklBR+w4zdAK7fgMwqvxcul6TREkBrNlVMkiLFEW+fRq/zYC5vA4+Vlw9pwQBIslblEnO3rqGHZSoK3PJMcIVLt3KpGkc8NoSRM/gSX6Q1rlYhm5U/nQCJz4JY4OXJfMFqL/pQ4jxY8urg7zXTAOXnPaT8cu+uK+uvmC5zxyY1n5j5aKfZekGoLy9KLUrc3zEHTr7/YvZVZ7IyN2PVwSd9yTtxeDPCjZA2Kkm9AfEuAK9LQme7WNS8jR4eLmRBAlMtkB3+OOmkX9ENdBgZ4meJFY5WbM4xHbMq2upu4R1z2Y0czsj6HDmhNIX1eeCUFJCPGwpqMhCjliPOzlr5giy9X0VoNrbQz5+ZlvoBBt+Kd2NFHUxvZ+rlqsfvkI3v9m6oj3/6slflMwLibpYLj+DVfromJAZraDeDmw7ZUg4AYxAJMZFiz4EssdGYvpCIsn81sYhGbR2gCKlUzSZ59K6YU8VfDCSZGssbzjo= X-Forefront-Antispam-Report: CIP:216.228.117.161;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc6edge2.nvidia.com;CAT:NONE;SFS:(13230040)(36860700013)(82310400026)(376014)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2025 09:11:05.4808 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 4f4e974a-a679-43a8-767b-08dd557c5598 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.117.161];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: SA2PEPF00001504.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR12MB8886 X-Patchwork-Delegate: dsahern@gmail.com Add DSCP mask support, allowing users to specify a DSCP value with an optional mask. Example: # ip rule add dscp 1 table 100 # ip rule add dscp 0x02/0x3f table 200 # ip rule add dscp AF42/0x3f table 300 # ip rule add dscp 0x10/0x30 table 400 In non-JSON output, the DSCP mask is not printed in case of exact match and the DSCP value is printed in hexadecimal format in case of inexact match: $ ip rule show 0: from all lookup local 32762: from all lookup 400 dscp 0x10/0x30 32763: from all lookup 300 dscp AF42 32764: from all lookup 200 dscp 2 32765: from all lookup 100 dscp 1 32766: from all lookup main 32767: from all lookup default Dump can be filtered by DSCP value and mask: $ ip rule show dscp 1 32765: from all lookup 100 dscp 1 $ ip rule show dscp AF42 32763: from all lookup 300 dscp AF42 $ ip rule show dscp 0x10/0x30 32762: from all lookup 400 dscp 0x10/0x30 In JSON output, the DSCP mask is printed as an hexadecimal string to be consistent with other masks. The DSCP value is printed as an integer in order not to break existing scripts: $ ip -j -p -N rule show dscp 0x10/0x30 [ { "priority": 32762, "src": "all", "table": "400", "dscp": "16", "dscp_mask": "0x30" } ] The mask attribute is only sent to the kernel in case of inexact match so that iproute2 will continue working with kernels that do not support the attribute. Signed-off-by: Ido Schimmel Reviewed-by: Petr Machata --- ip/iprule.c | 73 ++++++++++++++++++++++++++++++++----------- man/man8/ip-rule.8.in | 9 +++--- 2 files changed, 60 insertions(+), 22 deletions(-) diff --git a/ip/iprule.c b/ip/iprule.c index 3338c7d6773a..3af02da24950 100644 --- a/ip/iprule.c +++ b/ip/iprule.c @@ -24,6 +24,7 @@ #include "json_print.h" #define PORT_MAX_MASK 0xFFFF +#define DSCP_MAX_MASK 0x3F enum list_action { IPRULE_LIST, @@ -48,7 +49,7 @@ static void usage(void) " [ ipproto PROTOCOL ]\n" " [ sport [ NUMBER[/MASK] | NUMBER-NUMBER ]\n" " [ dport [ NUMBER[/MASK] | NUMBER-NUMBER ] ]\n" - " [ dscp DSCP ] [ flowlabel FLOWLABEL[/MASK] ]\n" + " [ dscp DSCP[/MASK] ] [ flowlabel FLOWLABEL[/MASK] ]\n" "ACTION := [ table TABLE_ID ]\n" " [ protocol PROTO ]\n" " [ nat ADDRESS ]\n" @@ -238,14 +239,21 @@ static bool filter_nlmsg(struct nlmsghdr *n, struct rtattr **tb, int host_len) } if (filter.dscpmask) { - if (tb[FRA_DSCP]) { - __u8 dscp = rta_getattr_u8(tb[FRA_DSCP]); + __u8 dscp_mask = DSCP_MAX_MASK; + __u8 dscp; - if (filter.dscp != dscp) - return false; - } else { + if (!tb[FRA_DSCP]) + return false; + + dscp = rta_getattr_u8(tb[FRA_DSCP]); + if (filter.dscp != dscp) + return false; + + if (tb[FRA_DSCP_MASK]) + dscp_mask = rta_getattr_u8(tb[FRA_DSCP_MASK]); + + if (filter.dscpmask != dscp_mask) return false; - } } if (filter.flowlabel_mask) { @@ -552,8 +560,24 @@ int print_rule(struct nlmsghdr *n, void *arg) if (tb[FRA_DSCP]) { __u8 dscp = rta_getattr_u8(tb[FRA_DSCP]); - print_string(PRINT_ANY, "dscp", " dscp %s", - rtnl_dscp_n2a(dscp, b1, sizeof(b1))); + if (tb[FRA_DSCP_MASK]) { + __u8 mask = rta_getattr_u8(tb[FRA_DSCP_MASK]); + + print_string(PRINT_JSON, "dscp", NULL, + rtnl_dscp_n2a(dscp, b1, sizeof(b1))); + print_0xhex(PRINT_JSON, "dscp_mask", NULL, mask); + if (mask == DSCP_MAX_MASK) { + print_string(PRINT_FP, NULL, " dscp %s", + rtnl_dscp_n2a(dscp, b1, + sizeof(b1))); + } else { + print_0xhex(PRINT_FP, NULL, " dscp %#x", dscp); + print_0xhex(PRINT_FP, NULL, "/%#x", mask); + } + } else { + print_string(PRINT_ANY, "dscp", " dscp %s", + rtnl_dscp_n2a(dscp, b1, sizeof(b1))); + } } /* The kernel will either provide both attributes, or none */ @@ -687,6 +711,21 @@ static void iprule_port_parse(char *arg, struct fib_rule_port_range *r, r->end = r->start; } +static void iprule_dscp_parse(char *arg, __u32 *dscp, __u32 *mask) +{ + char *slash; + + *mask = DSCP_MAX_MASK; + + slash = strchr(arg, '/'); + if (slash != NULL) + *slash = '\0'; + if (rtnl_dscp_a2n(dscp, arg)) + invarg("invalid dscp", arg); + if (slash && get_u32(mask, slash + 1, 0)) + invarg("invalid dscp mask", slash + 1); +} + static void iprule_flowlabel_parse(char *arg, __u32 *flowlabel, __u32 *flowlabel_mask) { @@ -841,13 +880,9 @@ static int iprule_list_flush_or_save(int argc, char **argv, int action) iprule_port_parse(*argv, &filter.dport, &filter.dport_mask); } else if (strcmp(*argv, "dscp") == 0) { - __u32 dscp; - NEXT_ARG(); - if (rtnl_dscp_a2n(&dscp, *argv)) - invarg("invalid dscp\n", *argv); - filter.dscp = dscp; - filter.dscpmask = 1; + iprule_dscp_parse(*argv, &filter.dscp, + &filter.dscpmask); } else if (strcmp(*argv, "flowlabel") == 0) { NEXT_ARG(); @@ -1130,12 +1165,14 @@ static int iprule_modify(int cmd, int argc, char **argv) addattr16(&req.n, sizeof(req), FRA_DPORT_MASK, dport_mask); } else if (strcmp(*argv, "dscp") == 0) { - __u32 dscp; + __u32 dscp, dscp_mask; NEXT_ARG(); - if (rtnl_dscp_a2n(&dscp, *argv)) - invarg("invalid dscp\n", *argv); + iprule_dscp_parse(*argv, &dscp, &dscp_mask); addattr8(&req.n, sizeof(req), FRA_DSCP, dscp); + if (dscp_mask != DSCP_MAX_MASK) + addattr8(&req.n, sizeof(req), FRA_DSCP_MASK, + dscp_mask); } else if (strcmp(*argv, "flowlabel") == 0) { __u32 flowlabel, flowlabel_mask; diff --git a/man/man8/ip-rule.8.in b/man/man8/ip-rule.8.in index 6a2a3cd848df..6331a021d95a 100644 --- a/man/man8/ip-rule.8.in +++ b/man/man8/ip-rule.8.in @@ -37,7 +37,7 @@ ip-rule \- routing policy database management .B tos .IR TOS " ] [ " .B dscp -.IR DSCP " ] [ " +.IR DSCP\fR[\fB/\fIMASK "] ] [ " .B fwmark .IR FWMARK\fR[\fB/\fIMASK "] ] [ " .B iif @@ -239,9 +239,10 @@ a device. select the TOS value to match. .TP -.BI dscp " DSCP" -select the DSCP value to match. DSCP values can be written either directly as -numeric values (valid values are 0-63), or using symbolic names specified in +.BI dscp " DSCP\fR[\fB/\fIMASK\fR]" +select the DSCP value to match with an optional mask. DSCP values can be +written either directly as numeric values (valid values are 0-63), or using +symbolic names specified in .BR @SYSCONF_USR_DIR@/rt_dsfield " or " @SYSCONF_ETC_DIR@/rt_dsfield (has precedence if exists). However, note that the file specifies full 8-bit dsfield values, whereas